2

I want to be able for members to add more info (location, story) to their profile and also update their password if needed.

For that I use the following snippet:

$query = mysql_query("
    INSERT INTO 
        members (location, story) 
    VALUES 
        ('$location', '$story') 
    WHERE 
        username='$user' 
    ON DUPLICATE KEY UPDATE 
        hash = '$password', 
        location='$location', 
        story='$story' 
    ");

This does not work with the "WHERE" part, but if I remove it then the data just gets filled into an empty record, not the user record. How do I properly use the WHERE part in this snippet, so the correct user profile is updated?

I have searched up and down the internet and this website, but not found a single solution, which surprises me as this seems to be a very common question?

Does anyone know how to solve this problem?

Thanks in advance!

Improve this question
3
  • WHERE is invalid in this context. In order for ON DUPLICATE KEY to work the username field either needs to be the primary key, or a UNIQUE index. dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html Commented Oct 1, 2015 at 22:01
  • why dont you use a trigger on before insert? Commented Oct 1, 2015 at 22:03
  • id is primary, username is unique, but I'm using WHERE with session id ($user = $_SESSION['Username'];) Commented Oct 2, 2015 at 15:35

3 Answers 3

Reset to default
1

First, mysql is deprecated, you should use mysqli.

Second, make sure you escape your values before entering them in queries. mysql_real_escape_string() is a bare minimum.

Third, INSERT / ON DUPLICATE KEY UPDATE does not accept WHERE clause. It's use is for avoid duplicating keys. For a simple user signup or whatever, you could avoid using IDs / auto increment and use username as primary key. But for this you'd need MyISAM or MySQL 5.6+ in order to have fulltext indexing, and in general, this is recommended.

But in this use case, your location and story would be always overwritten. If this is what you want, you can try whatever I've written in the previous paragraph.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I AM using "mysql_real_escape_string" on everything... that is not the issue... the issue is that it doesn't update the existing record but add a new record instead because I can't use WHERE....
As I said, you won't be able to achieve what you want unless using username as PRIMARY KEY. Moreover, even then, you must check before whether password is supplied and if not, avoid inserting it in order not to 'reset' people's password un updating whatever you mean by story.
0

You can use a INSERT INTO ... SELECT FROM ... ON DUPLICATE KEY UPDATE construct like

INSERT INTO 
    members (location, story) 
SELECT '$location', '$story'
FROM table_name
WHERE username='$user' 
ON DUPLICATE KEY UPDATE 
    hash = '$password', 
    location='$location', 
    story='$story'
Improve this answer

1 Comment

Thanks Rahul, I was eager to try your solution, but unfortunately that doesn't work either.... I don't get an error, it just doesn't do anything to the database at all...
0

Ok, I was finally able to solve this problem on my own. For anyone who is interested, here is the code:

// if user entered location         
        if (!empty($_POST['location']))
        {
            // if database row empty
            if ($row['location'] == " ")
            {
                mysql_query("INSERT INTO members (location) VALUES ('".$location."') WHERE username='".$user."'");  
            }
            // if database row not empty
            else 
            {
                mysql_query("UPDATE members SET location='".$location."' WHERE username='".$user."'");      
            }
        }
        // if user entered story
        if (!empty($_POST['story']))
        {
            // if database row empty
            if ($row['story'] == " ")
            {
                mysql_query("INSERT INTO members (story) VALUES ('".$story."') WHERE username='".$user."'");    
            }
            // if database row not empty
            else 
            {
                mysql_query("UPDATE members SET story='".$story."' WHERE username='".$user."'");            
            }
        }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.